Static analysis of production code

Hello! I have the following problem: Sometimes, some functions that are available only in the dev environment (composer install, with require-dev) end up in production code.

Maybe, in Laravel, a classic example would be using Faker outside tests and factories. For example: using fake()->numberBetween(10000, 99999); instead of random_int(10000, 99999); . In that case, all local / dev testing, automated tests, and static analysis give the green light, but as soon that code hits production (composer install --no-dev) there is error 500.

Sure, better code reviews and E2E tests that hit staging build (also --no-dev ) can help, but I am looking for some automation. Some external PHPStan?

What would you recommend to prevent or reduce this situation?

Thanks!